server/tests/api/users/oauth.ts

   1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
   2
   3 import { expect } from 'chai'
   4 import { SQLCommand } from '@server/tests/shared'
   5 import { wait } from '@shared/core-utils'
   6 import { HttpStatusCode, OAuth2ErrorCode, PeerTubeProblemDocument } from '@shared/models'
   7 import { cleanupTests, createSingleServer, killallServers, PeerTubeServer, setAccessTokensToServers } from '@shared/server-commands'
   8
   9 describe('Test oauth', function () {
  10   let server: PeerTubeServer
  11   let sqlCommand: SQLCommand
  12
  13   before(async function () {
  14     this.timeout(30000)
  15
  16     server = await createSingleServer(1, {
  17       rates_limit: {
  18         login: {
  19           max: 30
  20         }
  21       }
  22     })
  23
  24     await setAccessTokensToServers([ server ])
  25
  26     sqlCommand = new SQLCommand(server)
  27   })
  28
  29   describe('OAuth client', function () {
  30
  31     function expectInvalidClient (body: PeerTubeProblemDocument) {
  32       expect(body.code).to.equal(OAuth2ErrorCode.INVALID_CLIENT)
  33       expect(body.error).to.contain('client is invalid')
  34       expect(body.type.startsWith('https://')).to.be.true
  35       expect(body.type).to.contain(OAuth2ErrorCode.INVALID_CLIENT)
  36     }
  37
  38     it('Should create a new client')
  39
  40     it('Should return the first client')
  41
  42     it('Should remove the last client')
  43
  44     it('Should not login with an invalid client id', async function () {
  45       const client = { id: 'client', secret: server.store.client.secret }
  46       const body = await server.login.login({ client, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
  47
  48       expectInvalidClient(body)
  49     })
  50
  51     it('Should not login with an invalid client secret', async function () {
  52       const client = { id: server.store.client.id, secret: 'coucou' }
  53       const body = await server.login.login({ client, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
  54
  55       expectInvalidClient(body)
  56     })
  57   })
  58
  59   describe('Login', function () {
  60
  61     function expectInvalidCredentials (body: PeerTubeProblemDocument) {
  62       expect(body.code).to.equal(OAuth2ErrorCode.INVALID_GRANT)
  63       expect(body.error).to.contain('credentials are invalid')
  64       expect(body.type.startsWith('https://')).to.be.true
  65       expect(body.type).to.contain(OAuth2ErrorCode.INVALID_GRANT)
  66     }
  67
  68     it('Should not login with an invalid username', async function () {
  69       const user = { username: 'captain crochet', password: server.store.user.password }
  70       const body = await server.login.login({ user, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
  71
  72       expectInvalidCredentials(body)
  73     })
  74
  75     it('Should not login with an invalid password', async function () {
  76       const user = { username: server.store.user.username, password: 'mew_three' }
  77       const body = await server.login.login({ user, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
  78
  79       expectInvalidCredentials(body)
  80     })
  81
  82     it('Should be able to login', async function () {
  83       await server.login.login({ expectedStatus: HttpStatusCode.OK_200 })
  84     })
  85
  86     it('Should be able to login with an insensitive username', async function () {
  87       const user = { username: 'RoOt', password: server.store.user.password }
  88       await server.login.login({ user, expectedStatus: HttpStatusCode.OK_200 })
  89
  90       const user2 = { username: 'rOoT', password: server.store.user.password }
  91       await server.login.login({ user: user2, expectedStatus: HttpStatusCode.OK_200 })
  92
  93       const user3 = { username: 'ROOt', password: server.store.user.password }
  94       await server.login.login({ user: user3, expectedStatus: HttpStatusCode.OK_200 })
  95     })
  96   })
  97
  98   describe('Logout', function () {
  99
 100     it('Should logout (revoke token)', async function () {
 101       await server.login.logout({ token: server.accessToken })
 102     })
 103
 104     it('Should not be able to get the user information', async function () {
 105       await server.users.getMyInfo({ expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 106     })
 107
 108     it('Should not be able to upload a video', async function () {
 109       await server.videos.upload({ attributes: { name: 'video' }, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 110     })
 111
 112     it('Should be able to login again', async function () {
 113       const body = await server.login.login()
 114       server.accessToken = body.access_token
 115       server.refreshToken = body.refresh_token
 116     })
 117
 118     it('Should be able to get my user information again', async function () {
 119       await server.users.getMyInfo()
 120     })
 121
 122     it('Should have an expired access token', async function () {
 123       this.timeout(60000)
 124
 125       await sqlCommand.setTokenField(server.accessToken, 'accessTokenExpiresAt', new Date().toISOString())
 126       await sqlCommand.setTokenField(server.accessToken, 'refreshTokenExpiresAt', new Date().toISOString())
 127
 128       await killallServers([ server ])
 129       await server.run()
 130
 131       await server.users.getMyInfo({ expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 132     })
 133
 134     it('Should not be able to refresh an access token with an expired refresh token', async function () {
 135       await server.login.refreshToken({ refreshToken: server.refreshToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 136     })
 137
 138     it('Should refresh the token', async function () {
 139       this.timeout(50000)
 140
 141       const futureDate = new Date(new Date().getTime() + 1000 * 60).toISOString()
 142       await sqlCommand.setTokenField(server.accessToken, 'refreshTokenExpiresAt', futureDate)
 143
 144       await killallServers([ server ])
 145       await server.run()
 146
 147       const res = await server.login.refreshToken({ refreshToken: server.refreshToken })
 148       server.accessToken = res.body.access_token
 149       server.refreshToken = res.body.refresh_token
 150     })
 151
 152     it('Should be able to get my user information again', async function () {
 153       await server.users.getMyInfo()
 154     })
 155   })
 156
 157   describe('Custom token lifetime', function () {
 158     before(async function () {
 159       this.timeout(120_000)
 160
 161       await server.kill()
 162       await server.run({
 163         oauth2: {
 164           token_lifetime: {
 165             access_token: '2 seconds',
 166             refresh_token: '2 seconds'
 167           }
 168         }
 169       })
 170     })
 171
 172     it('Should have a very short access token lifetime', async function () {
 173       this.timeout(50000)
 174
 175       const { access_token: accessToken } = await server.login.login()
 176       await server.users.getMyInfo({ token: accessToken })
 177
 178       await wait(3000)
 179       await server.users.getMyInfo({ token: accessToken, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
 180     })
 181
 182     it('Should have a very short refresh token lifetime', async function () {
 183       this.timeout(50000)
 184
 185       const { refresh_token: refreshToken } = await server.login.login()
 186       await server.login.refreshToken({ refreshToken })
 187
 188       await wait(3000)
 189       await server.login.refreshToken({ refreshToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
 190     })
 191   })
 192
 193   after(async function () {
 194     await sqlCommand.cleanup()
 195     await cleanupTests([ server ])
 196   })
 197 })